svn commit: r221417 - stable/8/sys/fs/nfsclient
Rick Macklem
rmacklem at FreeBSD.org
Wed May 4 01:39:45 UTC 2011
Author: rmacklem
Date: Wed May 4 01:39:44 2011
New Revision: 221417
URL: http://svn.freebsd.org/changeset/base/221417
Log:
MFC: r220877
Modify the offset + size checks for read and write in the
experimental NFS client to take care of overflows for the calls
above the buffer cache layer in a manner similar to r220876.
Thanks go to dillon at apollo.backplane.com for providing the
snippet of code that does this.
Modified:
stable/8/sys/fs/nfsclient/nfs_clbio.c
Directory Properties:
stable/8/sys/ (props changed)
stable/8/sys/amd64/include/xen/ (props changed)
stable/8/sys/cddl/contrib/opensolaris/ (props changed)
stable/8/sys/contrib/dev/acpica/ (props changed)
stable/8/sys/contrib/pf/ (props changed)
Modified: stable/8/sys/fs/nfsclient/nfs_clbio.c
==============================================================================
--- stable/8/sys/fs/nfsclient/nfs_clbio.c Wed May 4 01:24:03 2011 (r221416)
+++ stable/8/sys/fs/nfsclient/nfs_clbio.c Wed May 4 01:39:44 2011 (r221417)
@@ -448,6 +448,7 @@ ncl_bioread(struct vnode *vp, struct uio
int bcount;
int seqcount;
int nra, error = 0, n = 0, on = 0;
+ off_t tmp_off;
KASSERT(uio->uio_rw == UIO_READ, ("ncl_read mode"));
if (uio->uio_resid == 0)
@@ -465,11 +466,14 @@ ncl_bioread(struct vnode *vp, struct uio
}
if (nmp->nm_rsize == 0 || nmp->nm_readdirsize == 0)
(void) newnfs_iosize(nmp);
- mtx_unlock(&nmp->nm_mtx);
+ tmp_off = uio->uio_offset + uio->uio_resid;
if (vp->v_type != VDIR &&
- (uio->uio_offset + uio->uio_resid) > nmp->nm_maxfilesize)
+ (tmp_off > nmp->nm_maxfilesize || tmp_off < uio->uio_offset)) {
+ mtx_unlock(&nmp->nm_mtx);
return (EFBIG);
+ }
+ mtx_unlock(&nmp->nm_mtx);
if (newnfs_directio_enable && (ioflag & IO_DIRECT) && (vp->v_type == VREG))
/* No caching/ no readaheads. Just read data into the user buffer */
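Review bot: The wraparound test `tmp_off < uio->uio_offset` runs only after the signed addition `uio->uio_offset + uio->uio_resid` has been performed, and overflow of a signed `off_t` is undefined behaviour in C. A compiler may therefore reduce the comparison to `uio->uio_resid < 0` and drop the protection, unless the kernel is built with wrapping semantics for signed arithmetic (the build flags are not visible here). Testing before the add removes that dependency: with a non-negative offset, the condition `uio->uio_resid > OFF_MAX - uio->uio_offset` rejects the request without ever overflowing. The same pattern is added in the ncl_write hunk after `flush_and_restart:`, where the preceding `uio->uio_offset < 0` check already guarantees a non-negative offset. Whether ncl_bioread has an equivalent check is not visible, because its body starts and ends outside this hunk.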
@@ -871,6 +875,7 @@ ncl_write(struct vop_write_args *ap)
int bcount;
int n, on, error = 0;
struct proc *p = td?td->td_proc:NULL;
+ off_t tmp_off;
KASSERT(uio->uio_rw == UIO_WRITE, ("ncl_write mode"));
KASSERT(uio->uio_segflg != UIO_USERSPACE || uio->uio_td == curthread,
@@ -937,8 +942,13 @@ flush_and_restart:
if (uio->uio_offset < 0)
return (EINVAL);
- if ((uio->uio_offset + uio->uio_resid) > nmp->nm_maxfilesize)
+ tmp_off = uio->uio_offset + uio->uio_resid;
+ mtx_lock(&nmp->nm_mtx);
+ if (tmp_off > nmp->nm_maxfilesize || tmp_off < uio->uio_offset) {
+ mtx_unlock(&nmp->nm_mtx);
return (EFBIG);
+ }
+ mtx_unlock(&nmp->nm_mtx);
if (uio->uio_resid == 0)
return (0);
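Review bot: Nothing in the new lines says why `nmp->nm_mtx` is now taken around the `nm_maxfilesize` comparison, which the removed line performed unlocked, and the mutex is released on two separate paths. A short comment above the `mtx_lock()` call, for example `/* nm_maxfilesize is read under nm_mtx, matching ncl_bioread() */`, would record the locking rule for the next reader. Copying the limit into a local while the lock is held and comparing after a single `mtx_unlock(&nmp->nm_mtx);` would leave one unlock site and keep the `EFBIG` return free of lock handling. The check sits after the `flush_and_restart:` label, so it presumably runs again on each restart. ncl_write's body continues outside the hunk.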